```sh
cp [email protected] /etc/systemd/system
systemctl daemon-reload
systemctl enable [email protected]
cp rclone@restic /etc/sysconfig
vi /etc/sysconfig/rclone@restic
systemctl start rclone@restic
journalctl -xefu rclone@restic
```
Last active
October 8, 2021 09:15
Rclone server for Restic
```ini
[restic]
type = local
nounc = true # no crap
```
```sh
RCLONE_ADDR=0.0.0.0:8000
# RCLONE_PRIVATE_REPOS=true
# RCLONE_APPEND_ONLY=true
RCLONE_REALM=Restricted
RCLONE_HTPASSWD=/var/lib/restic/.htpasswd
# Comments sit on their own lines: systemd's EnvironmentFile= does not strip
# trailing "# ..." text, so it would become part of the value.
# default path used by rest-server(8)
RCLONE_KEY=/var/lib/restic/private_key
# ditto
RCLONE_CERT=/var/lib/restic/public_key
RCLONE_PATH=restic:/var/lib/restic
```
```ini
[Unit]
Description=Rclone server for %i
After=syslog.target
After=network.target

[Service]
Type=simple
User=restic
Group=restic
EnvironmentFile=/etc/sysconfig/rclone@%i
ExecStart=/usr/bin/rclone serve %i $RCLONE_PATH
Restart=always
RestartSec=5
ReadWritePaths=/var/lib/restic
UMask=022
CapabilityBoundingSet=
LockPersonality=true
MemoryDenyWriteExecute=true
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=true
PrivateUsers=true
ProtectSystem=strict
ProtectHome=yes
ProtectControlGroups=true
ProtectKernelModules=true
ProtectKernelTunables=true
RemoveIPC=true
RestrictNamespaces=true
RestrictAddressFamilies=AF_INET
RestrictSUIDSGID=true
RestrictRealtime=true
SystemCallArchitectures=native
SystemCallFilter=@system-service
CPUQuota=70%

[Install]
WantedBy=multi-user.target
```